Personally identifiable information
Background In information security and privacy, personally identifiable information or personally identifying information (PII) is any piece of information which can be used to uniquely identify an individual or with respect to which there is a reasonable basis to believe that the information can be used to identify the individual, or information that can be used to distinguish or trace the individual’s identity. Generally included in this category are an individual’s name or another personal identifier, social security number, biometric records, date and place of birth, and mother’s maiden name. Although the concept of PII is ancient, it has become much more important as information technology and the Internet have made it easier to collect PII, leading to a profitable market in collecting and reselling PII. PII can also be exploited by criminals to stalk or steal the identity of a person, or to plan a person's murder or robbery, among other crimes. As a response to these threats, many website privacy policies specifically address the collection of PII, and lawmakers have enacted a series of legislation to limit the distribution and accessibility of PII. Sometimes multiple pieces of information, none of which alone is considered PII, might still uniquely identify a person when combined. For example, what if a company employ only one 39-year old female with a residence in Roanoke, Virginia. In that case, the employer, age, gender, and city of residence are not PII elements by themselves, but become PII when they are presented together. This scenario is an example of PII established through indirect inference, while data elements such as a driver’s license number constitute PII through direct inference. Definitions There are various, albeit similar, definitions for PII. General Personally identifiable information is information that can be linked to a specific individual including, but not limited to, name, postal address, email address, Social Security number, or driver’s license number. U.S. Department of Homeland Security The U.S. Department of Homeland Security defines personally identifiable information as "any information that permits the identity of an individual to be directly or indirectly inferred, including any information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department."DHS Privacy Office, Handbook for Safeguarding Sensitive Personally Identifiable Information at the Department of Homeland Security 4 (Oct. 31, 2008). U.S. Office of Management and Budget The U.S. Office of Management and Budget defines personally identifiable information as “information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.”OMB Memorandum 07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information.http://www.whitehouse.gov/omb/memoranda/fy2007/m07-16.pdf To distinguish an individual is to identify an individual.NIST, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) 2-1 (Special Publication 800-122 Apr. 2010) ("Guide"). Some examples of information that could identify an individual include, but are not limited to, name, passport number, social security number, or biometric data.These data elements are included in a list of identifying information from the Identity Theft and Assumption Deterrence Act of 1998, Pub. L. No. 105-318, 112 Stat. 3007 (Oct. 30, 1998). In contrast, a list containing only credit scores without any additional information concerning the individuals to whom they relate does not provide sufficient information to distinguish a specific individual.Information elements that are not sufficient to identify an individual when considered separately might nevertheless render the individual identifiable when combined with additional information. For instance, if the list of credit scores were to be supplemented with information, such as age, address, and gender, it is probable that this additional information would render the individuals identifiable. To trace an individual is to process sufficient information to make a determination about a specific aspect of an individual‘s activities or status.Guide, at 2-1. For example, an audit log containing records of user actions could be used to trace an individual‘s activities. Linked information is information about or related to an individual that is logically associated with other information about the individual.Id. In contrast, "linkable information" is information about or related to an individual for which there is a possibility of logical association with other information about the individual. For example, if two databases contain different PII elements, then someone with access to both databases may be able to link the information from the two databases and identify individuals, as well as access additional information about or relating to the individuals. If the secondary information source is present on the same system or a closely-related system and does not have security controls that effectively segregate the information sources, then the data is considered linked. If the secondary information source is maintained more remotely, such as in an unrelated system within the organization, available in public records, or otherwise readily obtainable (e.g., internet search engine), then the data is considered linkable. California law California law defines personally identifiable information as: Examples Items which might be considered PII include, but are not limited to, a person's: * Name, such as full name, maiden name, mother’s maiden name, or alias, in connection with one or more of the following: * Personal identification number, such as social security number (SSN), passport number, driver’s license number, taxpayer identification number, or financial account or credit card number * Address information, such as street address or email address * Personal characteristics, including photographic image (especially of face or other distinguishing characteristic), fingerprints, handwriting, or other biometric image or template data (e.g., retina scans, voice signature, facial geometry). * Telephone number * IP address (in some cases) * Vehicle registration plate number * Information about an individual that is linked or linkable to one of the above (e.g., date of birth, place of birth, race, religion, weight, activities, geographical indicators, employment information, medical information, education information, financial information). Information that is not generally considered personally identifiable, because many people share the same trait, include: * First or last name alone, if common * Country, state, or city of residence * Age, especially if non-specific * Gender or race * Name of the school they attend or workplace * Grades, salary, or job position * Criminal record When a person wishes to remain anonymous, descriptions of them will often employ several of the above, such as "a 34-year-old black man who works at Target". Note that information can still be private, in the sense that a person may not wish for it to become publicly known, without being personally identifiable. Moreover, sometimes multiple pieces of information, none of which are PII, may uniquely identify a person when brought together; this is one reason that multiple pieces of evidence are usually presented at criminal trials. For example, there may be only one Inuit person named Steve in the town of Lincoln Park, Michigan. Related laws Recently lawmakers have paid a great deal of attention to protecting a person's PII. For example, one of the primary focuses of the Health Insurance Portability and Accountability Act (HIPAA), is to protect a patient's PII. U.S. lawmakers have paid special attention to the social security number because it can be easily used to commit identity theft. The Social Security Number Protection Act of 2005 and Identity Theft Prevention Act of 2005 each seek to limit the distribution of an individual's social security number. On the other hand, many businesses see this increasing load of legislation as excessive, an unnecessary expense, and a barrier to progress. The increasing complexity of the laws might force companies to consult a lawyer just to engage in simple business practices such as server logging, user registration, and credit checks. Some have predicted such measures may inhibit the industry as a whole, lowering wages and creating a barrier to entry. For this reason, a number of privacy laws stress the "acceptable uses" of PII. References See also * Information in identifiable form Category:Privacy Category:Definition